strangedev
commented
6 years ago PR #49 will add this feature.
Closed strangedev closed 6 years ago
strangedev
commented
6 years ago PR #49 will add this feature.
Because of the GDPR, there has to be a way to remove personal data of DataSubjects from the database. This should eventually be possible without the intervention of an Admin user, but would require some sort of authorization for DataSubjects and it's not obvious what mechanism should be used for this.
As a workaround, at least the Admin user should be able to remove personal data from the database on request. For this, I propose a searchable list view that is available to Admin users, which displays DataSubjects, but not their responses and allows for deletion of all DataSubject related data.
The changes will consist of an endpoint for querying DataSubjects, an endpoint for deleting all data related to a specific DataSubject and a frontend component presenting the query results as a list.